From: Amin Azez <azez@ufomechanic.net>
To: octane indice <octane@alinto.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Launch script when packet is received
Date: Tue, 06 Mar 2007 12:53:24 +0000
Message-ID: <45ED6444.7020803@ufomechanic.net>
In-Reply-To: <1173135814.45eca1c605b17@webmail.alinto.com>
* octane indice wrote, On 05/03/07 23:03:
> Hello
>
> Is there any way to do something like this:
>
> iptables -A INPUT <packet> -j ACTION --script /sbin/myscript.sh
>
> And better, with myscript.sh called with arguments like IP src or dest or
> protocol or type of packet?

err.... crikey!

The short answer is: Thankfully not.

The longer answer is yeee-ee-e-es.

You can either use -j LOG and fiddle with your syslog.conf file so that
the logged messages that match are written to a named pipe, and you have
a dispatch daemon that listens on the pipe (you can write this in bash)
and calls your scripts.

Or you could use the deprecated ULOG v1 target which receives packets
over netlink and hack the ulog daemon to do your bidding launching scripts.

Or you could use the QUEUE target to queue whole packets to user space
and then use a perl NF QUEUE handler to do your work for you.

I'm sure you have an interesting reason for wanting to do it.

Just don't ask for shell script matches where the exit code of the shell
script is taken as the match result. Although you could probably do this
using the NF QUEUE method you would also have bad dreams. Or something.

Sam
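
The first option in the message above (-j LOG, syslog writing matching lines to a named pipe, a dispatch daemon calling the script), as an added example that is not part of the original message or of any netfilter code. The log prefix `PKTHOOK: `, the FIFO path and the sample log line are constructed assumptions; fields from the pipe are treated as untrusted and validated before being passed to the script as separate arguments.

```sh
#!/bin/sh
# Added example. Assumed setup (constructed names, not from the thread):
#   iptables -A INPUT -p tcp --dport 22 -m limit --limit 5/min \
#            -j LOG --log-prefix "PKTHOOK: "
#   syslog.conf:  kern.*    |/var/run/pkthook.fifo
PREFIX='PKTHOOK: '

# Constructed sample of a kernel LOG line, used for offline testing.
SAMPLE='Mar  6 12:53:24 fw kernel: PKTHOOK: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=51514 DPT=22 SYN'

# field NAME LINE: print the value of the first " NAME=value" token in LINE.
field() {
    rest=" $2"
    case $rest in
        *" $1="*) rest=${rest#*" $1="}; printf '%s\n' "${rest%% *}" ;;
    esac
}

# Allow-lists: log lines are untrusted input, so anything unexpected is dropped.
valid_addr()  { case $1 in ''|*[!0-9a-fA-F.:]*) return 1 ;; esac; }
valid_proto() { case $1 in ''|*[!A-Za-z0-9]*)   return 1 ;; esac; }

# parse_line LINE: set src/dst/proto and print them; fail on foreign or malformed lines.
parse_line() {
    case $1 in *"$PREFIX"*) ;; *) return 1 ;; esac
    src=$(field SRC "$1"); dst=$(field DST "$1"); proto=$(field PROTO "$1")
    valid_addr "$src" && valid_addr "$dst" && valid_proto "$proto" || return 1
    printf '%s %s %s\n' "$src" "$dst" "$proto"
}

# dispatch FIFO HANDLER: run HANDLER once per matching line, values as separate argv.
dispatch() {
    fifo=$1 handler=$2
    while :; do                       # reopen the FIFO whenever syslogd closes it
        while IFS= read -r line; do
            if parse_line "$line" >/dev/null; then
                "$handler" "$src" "$dst" "$proto" </dev/null
            fi
        done <"$fifo"
    done
}

# Usage: pkthook.sh --run /var/run/pkthook.fifo /sbin/myscript.sh
if [ "${1:-}" = "--run" ]; then dispatch "$2" "$3"; fi
```

The `-m limit` match in the assumed rule bounds how often remote traffic can trigger the handler, since each logged packet starts one process.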